package org.wso2.carbon.user.core.ldap;

import com.ibm.icu.lang.UCharacter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Random;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InvalidAttributeIdentifierException;
import javax.naming.directory.InvalidAttributeValueException;
import javax.naming.directory.NoSuchAttributeException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.sql.DataSource;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.user.api.Properties;
import org.wso2.carbon.user.api.Property;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreConfigConstants;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.claim.ClaimManager;
import org.wso2.carbon.user.core.common.RoleContext;
import org.wso2.carbon.user.core.hybrid.HybridRoleManager;
import org.wso2.carbon.user.core.profile.ProfileConfigurationManager;
import org.wso2.carbon.user.core.tenant.Tenant;
import org.wso2.carbon.user.core.util.DatabaseUtil;
import org.wso2.carbon.user.core.util.JNDIUtil;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.user.core-4.5.3.jar:org/wso2/carbon/user/core/ldap/ReadWriteLDAPUserStoreManager.class */
public class ReadWriteLDAPUserStoreManager extends ReadOnlyLDAPUserStoreManager {
    public static final String PASSWORD_HASH_METHOD = "PasswordHashMethod";
    public static final String PASSWORD_HASH_METHOD_SHA = "SHA";
    public static final String PASSWORD_HASH_METHOD_MD5 = "MD5";
    public static final String ATTR_NAME_CN = "cn";
    public static final String ATTR_NAME_SN = "sn";
    protected static final String KRB5_PRINCIPAL_NAME_ATTRIBUTE = "krb5PrincipalName";
    protected static final String KRB5_KEY_VERSION_NUMBER_ATTRIBUTE = "krb5KeyVersionNumber";
    protected static final String EMPTY_ATTRIBUTE_STRING = "";
    private static final String MULTI_ATTRIBUTE_SEPARATOR_DESCRIPTION = "This is the separator for multiple claim values";
    private static final String MULTI_ATTRIBUTE_SEPARATOR = "MultiAttributeSeparator";
    private static final String LDAPConnectionTimeout = "LDAPConnectionTimeout";
    private static final String LDAPConnectionTimeoutDescription = "LDAP Connection Timeout";
    private static final String readTimeout = "ReadTimeout";
    private static final String readTimeoutDescription = "Configure this to define the read timeout for LDAP operations";
    private static final String RETRY_ATTEMPTS = "RetryAttempts";
    private static final String LDAPBinaryAttributesDescription = "Configure this to define the LDAP binary attributes seperated by a space. Ex:mpegVideo mySpecialKey";
    private static final String BULK_IMPORT_SUPPORT = "BulkImportSupported";
    protected Random random;
    protected boolean kdcEnabled;
    private static final ArrayList<Property> RW_LDAP_UM_ADVANCED_PROPERTIES = new ArrayList<>();
    protected static boolean isFirstStartup = true;
    private static Log logger = LogFactory.getLog((Class<?>) ReadWriteLDAPUserStoreManager.class);
    private static Log log = LogFactory.getLog((Class<?>) ReadWriteLDAPUserStoreManager.class);

    public ReadWriteLDAPUserStoreManager() {
        this.random = new Random();
        this.kdcEnabled = false;
    }

    public ReadWriteLDAPUserStoreManager(RealmConfiguration realmConfiguration, Map<String, Object> map, ClaimManager claimManager, ProfileConfigurationManager profileConfigurationManager, UserRealm userRealm, Integer num) throws UserStoreException {
        super(realmConfiguration, map, claimManager, profileConfigurationManager, userRealm, num, true);
        this.random = new Random();
        this.kdcEnabled = false;
        if (log.isDebugEnabled()) {
            log.debug("Read-Write UserStoreManager initialization started " + System.currentTimeMillis());
        }
        this.realmConfig = realmConfiguration;
        this.claimManager = claimManager;
        this.userRealm = userRealm;
        this.tenantId = num.intValue();
        this.kdcEnabled = UserCoreUtil.isKdcEnabled(realmConfiguration);
        checkRequiredUserStoreConfigurations();
        this.dataSource = (DataSource) map.get(UserCoreConstants.DATA_SOURCE);
        if (this.dataSource == null) {
            this.dataSource = DatabaseUtil.getRealmDataSource(realmConfiguration);
        }
        if (this.dataSource == null) {
            throw new UserStoreException("Data Source is null");
        }
        map.put(UserCoreConstants.DATA_SOURCE, this.dataSource);
        isFirstStartup = ((Boolean) map.get(UserCoreConstants.FIRST_STARTUP_CHECK)).booleanValue();
        this.hybridRoleManager = new HybridRoleManager(this.dataSource, num.intValue(), realmConfiguration, this.userRealm);
        this.connectionSource = (LDAPConnectionContext) map.get(UserCoreConstants.LDAP_CONNECTION_SOURCE);
        if (this.connectionSource == null) {
            this.connectionSource = new LDAPConnectionContext(realmConfiguration);
        }
        DirContext dirContext = null;
        try {
            try {
                dirContext = this.connectionSource.getContext();
                log.info("LDAP connection created successfully in read-write mode");
                JNDIUtil.closeContext(dirContext);
            } catch (Exception e) {
                log.error("Cannot create connection to LDAP server. Connection URL: " + realmConfiguration.getUserStoreProperty("ConnectionURL") + " Error message: " + e.getMessage());
                JNDIUtil.closeContext(dirContext);
            }
            this.userRealm = userRealm;
            persistDomain();
            doInitialSetup();
            if (realmConfiguration.isPrimary()) {
                addInitialAdminData(Boolean.parseBoolean(realmConfiguration.getAddAdmin()), !isInitSetupDone());
            }
            initUserRolesCache();
            initUserCache();
            if (log.isDebugEnabled()) {
                log.debug("Read-Write UserStoreManager initialization ended " + System.currentTimeMillis());
            }
        } catch (Throwable th) {
            JNDIUtil.closeContext(dirContext);
            throw th;
        }
    }

    public ReadWriteLDAPUserStoreManager(RealmConfiguration realmConfiguration, ClaimManager claimManager, ProfileConfigurationManager profileConfigurationManager) throws UserStoreException {
        super(realmConfiguration, claimManager, profileConfigurationManager);
        this.random = new Random();
        this.kdcEnabled = false;
    }

    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.UserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public boolean isReadOnly() {
        return false;
    }

    protected String getRealmName() {
        String userStoreProperty = this.realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.DEFAULT_REALM_NAME);
        if (userStoreProperty != null) {
            return userStoreProperty;
        }
        String[] split = this.realmConfig.getUserStoreProperty("UserSearchBase").split("dc=");
        StringBuilder sb = new StringBuilder();
        for (String str : split) {
            if (!str.contains("=")) {
                String trim = str.trim();
                if (trim.endsWith(",")) {
                    sb.append(trim.replace(',', '.'));
                } else {
                    sb.append(trim);
                }
            }
        }
        return sb.toString().toUpperCase(Locale.ENGLISH);
    }

    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager
    public void doAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2) throws UserStoreException {
        doAddUser(str, obj, strArr, map, str2, false);
    }

    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2, boolean z) throws UserStoreException {
        DirContext searchBaseDirectoryContext = getSearchBaseDirectoryContext();
        BasicAttributes addUserBasicAttributes = getAddUserBasicAttributes(str);
        BasicAttribute basicAttribute = new BasicAttribute("userPassword");
        if (this.realmConfig.getUserStoreProperty("PasswordHashMethod") == null) {
            this.realmConfig.getUserStoreProperty("passwordHashMethod");
        }
        byte[] passwordToStore = UserCoreUtil.getPasswordToStore(obj, this.realmConfig.getUserStoreProperty("PasswordHashMethod"), this.kdcEnabled);
        basicAttribute.add(passwordToStore);
        addUserBasicAttributes.put(basicAttribute);
        setUserClaims(map, addUserBasicAttributes, str);
        try {
            try {
                Name parse = searchBaseDirectoryContext.getNameParser("").parse(this.realmConfig.getUserStoreProperty("UserNameAttribute") + "=" + escapeSpecialCharactersForDN(str));
                if (log.isDebugEnabled()) {
                    log.debug("Binding user: " + parse);
                }
                searchBaseDirectoryContext.bind(parse, (Object) null, addUserBasicAttributes);
                JNDIUtil.closeContext(searchBaseDirectoryContext);
                UserCoreUtil.clearSensitiveBytes(passwordToStore);
                if (strArr == null || strArr.length <= 0) {
                    return;
                }
                try {
                    doUpdateRoleListOfUser(str, null, strArr);
                    if (log.isDebugEnabled()) {
                        log.debug("Roles are added for user  : " + str + " successfully.");
                    }
                } catch (UserStoreException e) {
                    String str3 = "User is added. But error while updating role list of user : " + str;
                    if (log.isDebugEnabled()) {
                        log.debug(str3, e);
                    }
                    throw new UserStoreException(str3, e);
                }
            } catch (Throwable th) {
                JNDIUtil.closeContext(searchBaseDirectoryContext);
                UserCoreUtil.clearSensitiveBytes(passwordToStore);
                throw th;
            }
        } catch (NamingException e2) {
            String str4 = "Cannot access the directory context or user already exists in the system for user :" + str;
            if (log.isDebugEnabled()) {
                log.debug(str4, e2);
            }
            throw new UserStoreException(str4, e2);
        }
    }

    protected void doAddUserValidityChecks(String str, Object obj) throws UserStoreException {
        if (!checkUserNameValid(str)) {
            throw new UserStoreException("User name not valid. User name must be a non null string with following format, " + this.realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_USER_NAME_JAVA_REG_EX));
        }
        if (checkUserPasswordValid(obj)) {
            if (isExistingUser(str)) {
                throw new UserStoreException("User " + str + " already exist in the LDAP");
            }
        } else {
            String userStoreProperty = this.realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_USER_NAME_JAVA_REG_EX);
            if (StringUtils.isEmpty(userStoreProperty) || StringUtils.isEmpty(userStoreProperty.trim())) {
                userStoreProperty = this.realmConfig.getUserStoreProperty("UserNameJavaRegEx");
            }
            throw new UserStoreException("Credential not valid. Credential must be a non null string with following format, " + userStoreProperty);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public DirContext getSearchBaseDirectoryContext() throws UserStoreException {
        DirContext context = this.connectionSource.getContext();
        try {
            try {
                DirContext dirContext = (DirContext) context.lookup(escapeDNForSearch(this.realmConfig.getUserStoreProperty("UserSearchBase").split("#")[0]));
                JNDIUtil.closeContext(context);
                return dirContext;
            } catch (NamingException e) {
                if (log.isDebugEnabled()) {
                    log.debug("Can not access the directory context oruser already exists in the system", e);
                }
                throw new UserStoreException("Can not access the directory context oruser already exists in the system", e);
            }
        } catch (Throwable th) {
            JNDIUtil.closeContext(context);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public BasicAttributes getAddUserBasicAttributes(String str) {
        BasicAttributes basicAttributes = new BasicAttributes(true);
        String userStoreProperty = this.realmConfig.getUserStoreProperty("UserEntryObjectClass");
        BasicAttribute basicAttribute = new BasicAttribute("objectClass");
        for (String str2 : userStoreProperty.split("/")) {
            if (str2 != null && !str2.trim().equals("")) {
                basicAttribute.add(str2.trim());
            }
        }
        if (this.kdcEnabled) {
            basicAttribute.add("krb5principal");
            basicAttribute.add("krb5kdcentry");
            basicAttribute.add("subschema");
        }
        basicAttributes.put(basicAttribute);
        BasicAttribute basicAttribute2 = new BasicAttribute(this.realmConfig.getUserStoreProperty("UserNameAttribute"));
        basicAttribute2.add(str);
        basicAttributes.put(basicAttribute2);
        if (this.kdcEnabled) {
            CarbonContext threadLocalCarbonContext = CarbonContext.getThreadLocalCarbonContext();
            if (threadLocalCarbonContext != null) {
                String tenantDomain = threadLocalCarbonContext.getTenantDomain();
                str = !"carbon.super".equals(tenantDomain) ? str + "_" + tenantDomain : str + "_carbon.super";
            }
            String str3 = str + "@" + getRealmName();
            BasicAttribute basicAttribute3 = new BasicAttribute(KRB5_PRINCIPAL_NAME_ATTRIBUTE);
            basicAttribute3.add(str3);
            basicAttributes.put(basicAttribute3);
            BasicAttribute basicAttribute4 = new BasicAttribute(KRB5_KEY_VERSION_NUMBER_ATTRIBUTE);
            basicAttribute4.add("0");
            basicAttributes.put(basicAttribute4);
        }
        return basicAttributes;
    }

    protected void setUserClaims(Map<String, String> map, BasicAttributes basicAttributes, String str) throws UserStoreException {
        boolean isDebugEnabled = log.isDebugEnabled();
        log.debug("Processing user claims");
        boolean z = false;
        boolean z2 = false;
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                if (!"".equals(entry.getValue())) {
                    String key = entry.getKey();
                    if (isDebugEnabled) {
                        log.debug("Claim URI: " + key);
                    }
                    try {
                        String claimAtrribute = getClaimAtrribute(key, str, null);
                        if ("cn".equals(claimAtrribute)) {
                            z2 = true;
                        } else if ("sn".equals(claimAtrribute)) {
                            z = true;
                        }
                        if (isDebugEnabled) {
                            log.debug("Mapped attribute: " + claimAtrribute);
                            log.debug("Attribute value: " + map.get(entry.getKey()));
                        }
                        BasicAttribute basicAttribute = new BasicAttribute(claimAtrribute);
                        basicAttribute.add(map.get(entry.getKey()));
                        basicAttributes.put(basicAttribute);
                    } catch (org.wso2.carbon.user.api.UserStoreException e) {
                        throw new UserStoreException("Error in obtaining claim mapping.", e);
                    }
                }
            }
        }
        if (!z2) {
            BasicAttribute basicAttribute2 = new BasicAttribute("cn");
            basicAttribute2.add(str);
            basicAttributes.put(basicAttribute2);
        }
        if (z) {
            return;
        }
        BasicAttribute basicAttribute3 = new BasicAttribute("sn");
        basicAttribute3.add(str);
        basicAttributes.put(basicAttribute3);
    }

    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doDeleteUser(String str) throws UserStoreException {
        String[] doGetSharedRoleListOfUser;
        if (log.isDebugEnabled()) {
            log.debug("Deleting user: " + str);
        }
        String userStoreProperty = this.realmConfig.getUserStoreProperty("UserNameAttribute");
        String replace = this.realmConfig.getUserStoreProperty("UserNameSearchFilter").replace("?", escapeSpecialCharactersForFilter(str));
        String[] strArr = {userStoreProperty};
        DirContext context = this.connectionSource.getContext();
        NamingEnumeration<SearchResult> searchInUserBase = searchInUserBase(replace, strArr, 2, context);
        NamingEnumeration<SearchResult> namingEnumeration = null;
        DirContext dirContext = null;
        SearchResult searchResult = null;
        String str2 = null;
        while (searchInUserBase.hasMore()) {
            try {
                try {
                    searchResult = (SearchResult) searchInUserBase.next();
                    str2 = searchResult.getName();
                    log.debug("User DN: " + str2);
                } catch (NamingException e) {
                    String str3 = "Error occurred while deleting the user : " + str;
                    if (log.isDebugEnabled()) {
                        log.debug(str3, e);
                    }
                    throw new UserStoreException(str3, e);
                }
            } catch (Throwable th) {
                JNDIUtil.closeNamingEnumeration(null);
                JNDIUtil.closeNamingEnumeration(searchInUserBase);
                JNDIUtil.closeContext(null);
                JNDIUtil.closeContext(context);
                throw th;
            }
        }
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(Arrays.asList(doGetExternalRoleListOfUser(str, "*")));
        if (isSharedGroupEnabled() && (doGetSharedRoleListOfUser = doGetSharedRoleListOfUser(null, str, "*")) != null) {
            arrayList.addAll(Arrays.asList(doGetSharedRoleListOfUser));
        }
        String[] strArr2 = (String[]) arrayList.toArray(new String[arrayList.size()]);
        if (strArr2.length != 0) {
            String[] strArr3 = {this.realmConfig.getUserStoreProperty("MembershipAttribute")};
            for (String str4 : strArr2) {
                RoleContext createRoleContext = createRoleContext(str4);
                String searchBase = ((LDAPRoleContext) createRoleContext).getSearchBase();
                String searchFilter = ((LDAPRoleContext) createRoleContext).getSearchFilter();
                String roleName = createRoleContext.getRoleName();
                if (roleName.indexOf(CarbonConstants.DOMAIN_SEPARATOR) > -1) {
                    roleName = roleName.split(CarbonConstants.DOMAIN_SEPARATOR)[1];
                }
                namingEnumeration = searchInGroupBase(searchFilter.replace("?", escapeSpecialCharactersForFilter(roleName)), strArr3, 2, context, searchBase);
                SearchResult searchResult2 = null;
                while (namingEnumeration.hasMore()) {
                    searchResult2 = (SearchResult) namingEnumeration.next();
                }
                if (isOnlyUserInRole(str2, searchResult2) && !this.emptyRolesAllowed) {
                    throw new UserStoreException("User: " + str + " is the only user in " + roleName + ".There should be at least one user in the role. Hence can not delete the user.");
                }
            }
            doUpdateRoleListOfUser(str, strArr2, new String[0]);
        }
        if (searchResult != null && searchResult.getAttributes().get(userStoreProperty).get().toString().toLowerCase().equals(str.toLowerCase())) {
            if (log.isDebugEnabled()) {
                log.debug("Deleting " + str2 + " with search base " + this.userSearchBase);
            }
            dirContext = (DirContext) context.lookup(escapeDNForSearch(this.userSearchBase));
            dirContext.destroySubcontext(str2);
        }
        removeFromUserCache(str);
        JNDIUtil.closeNamingEnumeration(namingEnumeration);
        JNDIUtil.closeNamingEnumeration(searchInUserBase);
        JNDIUtil.closeContext(dirContext);
        JNDIUtil.closeContext(context);
    }

    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doUpdateCredential(String str, Object obj, Object obj2) throws UserStoreException {
        DirContext context = this.connectionSource.getContext();
        DirContext dirContext = null;
        String userStoreProperty = this.realmConfig.getUserStoreProperty("UserSearchBase");
        String replace = this.realmConfig.getUserStoreProperty("UserNameSearchFilter").replace("?", escapeSpecialCharactersForFilter(str));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{"userPassword"});
        try {
            try {
                NamingEnumeration search = context.search(escapeDNForSearch(userStoreProperty), replace, searchControls);
                SearchResult searchResult = null;
                String userStoreProperty2 = this.realmConfig.getUserStoreProperty("PasswordHashMethod");
                if (userStoreProperty2 == null) {
                    userStoreProperty2 = this.realmConfig.getUserStoreProperty("passwordHashMethod");
                }
                while (search.hasMore()) {
                    searchResult = (SearchResult) search.next();
                    String name = searchResult.getName();
                    dirContext = (DirContext) context.lookup(escapeDNForSearch(userStoreProperty));
                    byte[] passwordToStore = UserCoreUtil.getPasswordToStore(obj, userStoreProperty2, this.kdcEnabled);
                    try {
                        BasicAttribute basicAttribute = new BasicAttribute("userPassword");
                        basicAttribute.add(passwordToStore);
                        BasicAttributes basicAttributes = new BasicAttributes(true);
                        basicAttributes.put(basicAttribute);
                        dirContext.modifyAttributes(name, 2, basicAttributes);
                        UserCoreUtil.clearSensitiveBytes(passwordToStore);
                    } catch (Throwable th) {
                        UserCoreUtil.clearSensitiveBytes(passwordToStore);
                        throw th;
                    }
                }
                if (searchResult.getNameInNamespace().equals(this.realmConfig.getUserStoreProperty("ConnectionName"))) {
                    this.connectionSource.updateCredential(obj);
                }
                JNDIUtil.closeNamingEnumeration(null);
                JNDIUtil.closeNamingEnumeration(search);
                JNDIUtil.closeContext(dirContext);
                JNDIUtil.closeContext(context);
            } catch (NamingException e) {
                String str2 = "Can not access the directory service for user : " + str;
                if (log.isDebugEnabled()) {
                    log.debug(str2, e);
                }
                throw new UserStoreException(str2, e);
            }
        } catch (Throwable th2) {
            JNDIUtil.closeNamingEnumeration(null);
            JNDIUtil.closeNamingEnumeration(null);
            JNDIUtil.closeContext(null);
            JNDIUtil.closeContext(context);
            throw th2;
        }
    }

    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doUpdateCredentialByAdmin(String str, Object obj) throws UserStoreException {
        DirContext context = this.connectionSource.getContext();
        DirContext dirContext = null;
        String userStoreProperty = this.realmConfig.getUserStoreProperty("UserSearchBase");
        String replace = this.realmConfig.getUserStoreProperty("UserNameSearchFilter").replace("?", escapeSpecialCharactersForFilter(str));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{"userPassword"});
        NamingEnumeration namingEnumeration = null;
        try {
            try {
                NamingEnumeration search = context.search(escapeDNForSearch(userStoreProperty), replace, searchControls);
                SearchResult searchResult = null;
                while (search.hasMore()) {
                    searchResult = (SearchResult) search.next();
                    String userStoreProperty2 = this.realmConfig.getUserStoreProperty("PasswordHashMethod");
                    if (userStoreProperty2 == null) {
                        userStoreProperty2 = this.realmConfig.getUserStoreProperty("passwordHashMethod");
                    }
                    if (!UserCoreConstants.RealmConfig.PASSWORD_HASH_METHOD_PLAIN_TEXT.equalsIgnoreCase(userStoreProperty2)) {
                        namingEnumeration = searchResult.getAttributes().get("userPassword").getAll();
                        if (namingEnumeration.hasMore()) {
                            String str2 = new String((byte[]) namingEnumeration.next());
                            if (str2.startsWith("{")) {
                                userStoreProperty2 = str2.substring(str2.indexOf(UCharacter.UnicodeBlock.CYPRIOT_SYLLABARY_ID) + 1, str2.indexOf(UCharacter.UnicodeBlock.VARIATION_SELECTORS_SUPPLEMENT_ID));
                            }
                        }
                    }
                    String name = searchResult.getName();
                    dirContext = (DirContext) context.lookup(escapeDNForSearch(userStoreProperty));
                    byte[] passwordToStore = UserCoreUtil.getPasswordToStore(obj, userStoreProperty2, this.kdcEnabled);
                    try {
                        BasicAttribute basicAttribute = new BasicAttribute("userPassword");
                        basicAttribute.add(passwordToStore);
                        BasicAttributes basicAttributes = new BasicAttributes(true);
                        basicAttributes.put(basicAttribute);
                        dirContext.modifyAttributes(name, 2, basicAttributes);
                        UserCoreUtil.clearSensitiveBytes(passwordToStore);
                    } catch (Throwable th) {
                        UserCoreUtil.clearSensitiveBytes(passwordToStore);
                        throw th;
                    }
                }
                if (searchResult.getNameInNamespace().equals(this.realmConfig.getUserStoreProperty("ConnectionName"))) {
                    this.connectionSource.updateCredential(obj);
                }
                JNDIUtil.closeNamingEnumeration(namingEnumeration);
                JNDIUtil.closeNamingEnumeration(search);
                JNDIUtil.closeContext(dirContext);
                JNDIUtil.closeContext(context);
            } catch (NamingException e) {
                String str3 = "Can not access the directory service for user : " + str;
                if (log.isDebugEnabled()) {
                    log.debug(str3, e);
                }
                throw new UserStoreException(str3, e);
            }
        } catch (Throwable th2) {
            JNDIUtil.closeNamingEnumeration(null);
            JNDIUtil.closeNamingEnumeration(null);
            JNDIUtil.closeContext(null);
            JNDIUtil.closeContext(context);
            throw th2;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void doUpdateCredentialsValidityChecks(String str, Object obj) throws UserStoreException {
        if (!isExistingUser(str)) {
            throw new UserStoreException("User " + str + " does not exisit in the user store");
        }
        if (!checkUserPasswordValid(obj)) {
            throw new UserStoreException("Credential not valid. Credential must be a non null string with following format, " + this.realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_JAVA_REG_EX));
        }
    }

    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.UserStoreManager
    public Map<String, String> getProperties(Tenant tenant) throws UserStoreException {
        Map<String, String> userStoreProperties = this.realmConfig.getUserStoreProperties();
        String tenantSuffix = getTenantSuffix(tenant.getDomain());
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, String> entry : userStoreProperties.entrySet()) {
            String key = entry.getKey();
            if (key.equals("UserSearchBase")) {
                hashMap.put(key, tenantSuffix);
            } else {
                hashMap.put(key, entry.getValue());
            }
        }
        return hashMap;
    }

    private String getTenantSuffix(String str) {
        String[] split = str.split("\\.");
        StringBuffer stringBuffer = new StringBuffer();
        for (String str2 : split) {
            stringBuffer.append(",dc=").append(str2);
        }
        return stringBuffer.toString().replaceFirst(",", "");
    }

    /* JADX WARN: Finally extract failed */
    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doSetUserClaimValues(String str, Map<String, String> map, String str2) throws UserStoreException {
        DirContext context = this.connectionSource.getContext();
        DirContext dirContext = null;
        String userStoreProperty = this.realmConfig.getUserStoreProperty("UserSearchBase");
        String userStoreProperty2 = this.realmConfig.getUserStoreProperty("UserNameSearchFilter");
        String[] split = str.split(CarbonConstants.DOMAIN_SEPARATOR);
        if (split.length > 1) {
            str = split[1];
        }
        String replace = userStoreProperty2.replace("?", escapeSpecialCharactersForFilter(str));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes((String[]) null);
        NamingEnumeration namingEnumeration = null;
        try {
            try {
                namingEnumeration = context.search(escapeDNForSearch(userStoreProperty), replace, searchControls);
                String name = namingEnumeration.hasMore() ? ((SearchResult) namingEnumeration.next()).getName() : "";
                JNDIUtil.closeNamingEnumeration(namingEnumeration);
                if (str2 == null) {
                }
                if (map.get(UserCoreConstants.PROFILE_CONFIGURATION) == null) {
                    map.put(UserCoreConstants.PROFILE_CONFIGURATION, "default");
                }
                try {
                    try {
                        BasicAttributes basicAttributes = new BasicAttributes(true);
                        for (Map.Entry<String, String> entry : map.entrySet()) {
                            String key = entry.getKey();
                            if (!key.equals(UserCoreConstants.PROFILE_CONFIGURATION)) {
                                String claimAtrribute = getClaimAtrribute(key, str, null);
                                if (this.realmConfig.getUserStoreProperty("UserNameAttribute").equals(claimAtrribute)) {
                                    removeFromUserCache(str);
                                }
                                if (claimAtrribute.equals("uid")) {
                                    String[] split2 = entry.getValue().split(CarbonConstants.DOMAIN_SEPARATOR);
                                    if (split2.length > 1) {
                                        entry.setValue(split2[1]);
                                    }
                                }
                                BasicAttribute basicAttribute = new BasicAttribute(claimAtrribute);
                                if ("".equals(entry.getValue())) {
                                    basicAttribute.clear();
                                } else {
                                    String str3 = ",";
                                    if (entry.getValue() == null || claimAtrribute.equals("uid") || claimAtrribute.equals("sn")) {
                                        basicAttribute.add(entry.getValue());
                                    } else {
                                        String userStoreProperty3 = this.realmConfig.getUserStoreProperty(MULTI_ATTRIBUTE_SEPARATOR);
                                        if (userStoreProperty3 != null && !userStoreProperty3.trim().isEmpty()) {
                                            str3 = userStoreProperty3;
                                        }
                                        if (entry.getValue().contains(str3)) {
                                            for (String str4 : entry.getValue().split(Pattern.quote(str3))) {
                                                if (str4 != null && str4.trim().length() > 0) {
                                                    basicAttribute.add(str4);
                                                }
                                            }
                                        } else {
                                            basicAttribute.add(entry.getValue());
                                        }
                                    }
                                }
                                basicAttributes.put(basicAttribute);
                            }
                        }
                        dirContext = (DirContext) context.lookup(escapeDNForSearch(userStoreProperty));
                        dirContext.modifyAttributes(name, 2, basicAttributes);
                        JNDIUtil.closeContext(dirContext);
                        JNDIUtil.closeContext(context);
                    } catch (Exception e) {
                        handleException(e, str);
                        JNDIUtil.closeContext(dirContext);
                        JNDIUtil.closeContext(context);
                    }
                } catch (Throwable th) {
                    JNDIUtil.closeContext(dirContext);
                    JNDIUtil.closeContext(context);
                    throw th;
                }
            } catch (NamingException e2) {
                String str5 = "Results could not be retrieved from the directory context for user : " + str;
                if (log.isDebugEnabled()) {
                    log.debug(str5, e2);
                }
                throw new UserStoreException(str5, e2);
            }
        } catch (Throwable th2) {
            JNDIUtil.closeNamingEnumeration(namingEnumeration);
            throw th2;
        }
    }

    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doSetUserClaimValue(String str, String str2, String str3, String str4) throws UserStoreException {
        DirContext context = this.connectionSource.getContext();
        DirContext dirContext = null;
        String userStoreProperty = this.realmConfig.getUserStoreProperty("UserSearchBase");
        String userStoreProperty2 = this.realmConfig.getUserStoreProperty("UserNameSearchFilter");
        String[] split = str.split(CarbonConstants.DOMAIN_SEPARATOR);
        if (split.length > 1) {
            str = split[1];
        }
        String replace = userStoreProperty2.replace("?", escapeSpecialCharactersForFilter(str));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes((String[]) null);
        NamingEnumeration namingEnumeration = null;
        try {
            try {
                namingEnumeration = context.search(escapeDNForSearch(userStoreProperty), replace, searchControls);
                String name = ((SearchResult) namingEnumeration.next()).getName();
                JNDIUtil.closeNamingEnumeration(namingEnumeration);
                try {
                    try {
                        BasicAttributes basicAttributes = new BasicAttributes(true);
                        String claimAtrribute = getClaimAtrribute(str2, str, null);
                        BasicAttribute basicAttribute = new BasicAttribute(claimAtrribute);
                        if ("".equals(str3)) {
                            basicAttribute.clear();
                        } else if (claimAtrribute.equals("uid") || claimAtrribute.equals("sn")) {
                            basicAttribute.add(str3);
                        } else {
                            String str5 = ",";
                            String userStoreProperty3 = this.realmConfig.getUserStoreProperty(MULTI_ATTRIBUTE_SEPARATOR);
                            if (userStoreProperty3 != null && !userStoreProperty3.trim().isEmpty()) {
                                str5 = userStoreProperty3;
                            }
                            if (str3.contains(str5)) {
                                StringTokenizer stringTokenizer = new StringTokenizer(str3, str5);
                                while (stringTokenizer.hasMoreElements()) {
                                    String obj = stringTokenizer.nextElement().toString();
                                    if (obj != null && obj.trim().length() > 0) {
                                        basicAttribute.add(obj.trim());
                                    }
                                }
                            } else {
                                basicAttribute.add(str3);
                            }
                        }
                        basicAttributes.put(basicAttribute);
                        dirContext = (DirContext) context.lookup(escapeDNForSearch(userStoreProperty));
                        dirContext.modifyAttributes(name, 2, basicAttributes);
                        JNDIUtil.closeContext(dirContext);
                        JNDIUtil.closeContext(context);
                    } catch (Exception e) {
                        handleException(e, str);
                        JNDIUtil.closeContext(dirContext);
                        JNDIUtil.closeContext(context);
                    }
                } catch (Throwable th) {
                    JNDIUtil.closeContext(dirContext);
                    JNDIUtil.closeContext(context);
                    throw th;
                }
            } catch (NamingException e2) {
                String str6 = "Results could not be retrieved from the directory context for user : " + str;
                if (log.isDebugEnabled()) {
                    log.debug(str6, e2);
                }
                throw new UserStoreException(str6, e2);
            }
        } catch (Throwable th2) {
            JNDIUtil.closeNamingEnumeration(namingEnumeration);
            throw th2;
        }
    }

    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doDeleteUserClaimValue(String str, String str2, String str3) throws UserStoreException {
        DirContext context = this.connectionSource.getContext();
        DirContext dirContext = null;
        String userStoreProperty = this.realmConfig.getUserStoreProperty("UserSearchBase");
        String replace = this.realmConfig.getUserStoreProperty("UserNameSearchFilter").replace("?", escapeSpecialCharactersForFilter(str));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes((String[]) null);
        NamingEnumeration namingEnumeration = null;
        try {
            try {
                namingEnumeration = context.search(escapeDNForSearch(userStoreProperty), replace, searchControls);
                String name = ((SearchResult) namingEnumeration.next()).getName();
                JNDIUtil.closeNamingEnumeration(namingEnumeration);
                try {
                    try {
                        BasicAttributes basicAttributes = new BasicAttributes(true);
                        basicAttributes.put(new BasicAttribute(getClaimAtrribute(str2, str, null)));
                        dirContext = (DirContext) context.lookup(escapeDNForSearch(userStoreProperty));
                        dirContext.modifyAttributes(name, 3, basicAttributes);
                        JNDIUtil.closeContext(dirContext);
                        JNDIUtil.closeContext(context);
                    } catch (Exception e) {
                        handleException(e, str);
                        JNDIUtil.closeContext(dirContext);
                        JNDIUtil.closeContext(context);
                    }
                } catch (Throwable th) {
                    JNDIUtil.closeContext(dirContext);
                    JNDIUtil.closeContext(context);
                    throw th;
                }
            } catch (NamingException e2) {
                String str4 = "Results could not be retrieved from the directory context for user : " + str;
                if (log.isDebugEnabled()) {
                    log.debug(str4, e2);
                }
                throw new UserStoreException(str4, e2);
            }
        } catch (Throwable th2) {
            JNDIUtil.closeNamingEnumeration(namingEnumeration);
            throw th2;
        }
    }

    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doDeleteUserClaimValues(String str, String[] strArr, String str2) throws UserStoreException {
        DirContext context = this.connectionSource.getContext();
        DirContext dirContext = null;
        String userStoreProperty = this.realmConfig.getUserStoreProperty("UserSearchBase");
        String replace = this.realmConfig.getUserStoreProperty("UserNameSearchFilter").replace("?", escapeSpecialCharactersForFilter(str));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes((String[]) null);
        NamingEnumeration namingEnumeration = null;
        try {
            try {
                namingEnumeration = context.search(escapeDNForSearch(userStoreProperty), replace, searchControls);
                String name = ((SearchResult) namingEnumeration.next()).getName();
                JNDIUtil.closeNamingEnumeration(namingEnumeration);
                try {
                    try {
                        BasicAttributes basicAttributes = new BasicAttributes(true);
                        for (String str3 : strArr) {
                            basicAttributes.put(new BasicAttribute(getClaimAtrribute(str3, str, null)));
                        }
                        dirContext = (DirContext) context.lookup(escapeDNForSearch(userStoreProperty));
                        dirContext.modifyAttributes(name, 3, basicAttributes);
                        JNDIUtil.closeContext(dirContext);
                        JNDIUtil.closeContext(context);
                    } catch (Exception e) {
                        handleException(e, str);
                        JNDIUtil.closeContext(dirContext);
                        JNDIUtil.closeContext(context);
                    }
                } catch (Throwable th) {
                    JNDIUtil.closeContext(dirContext);
                    JNDIUtil.closeContext(context);
                    throw th;
                }
            } catch (NamingException e2) {
                String str4 = "Results could not be retrieved from the directory context for user : " + str;
                if (log.isDebugEnabled()) {
                    log.debug(str4, e2);
                }
                throw new UserStoreException(str4, e2);
            }
        } catch (Throwable th2) {
            JNDIUtil.closeNamingEnumeration(namingEnumeration);
            throw th2;
        }
    }

    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doAddRole(String str, String[] strArr, boolean z) throws UserStoreException {
        RoleContext createRoleContext = createRoleContext(str);
        createRoleContext.setMembers(strArr);
        addLDAPRole(createRoleContext);
        if (z && isSharedGroupEnabled()) {
            addLDAPRole(createRoleContext(str + "@" + CarbonContext.getThreadLocalCarbonContext().getTenantDomain()));
        }
    }

    protected void addLDAPRole(RoleContext roleContext) throws UserStoreException {
        String roleName = roleContext.getRoleName();
        String[] members = roleContext.getMembers();
        String groupEntryObjectClass = ((LDAPRoleContext) roleContext).getGroupEntryObjectClass();
        String roleNameProperty = ((LDAPRoleContext) roleContext).getRoleNameProperty();
        String searchBase = ((LDAPRoleContext) roleContext).getSearchBase();
        if ((members == null || members.length == 0) && !this.emptyRolesAllowed) {
            throw new UserStoreException("Can not create empty role. There should be at least one user for the role.");
        }
        if (!(members == null && this.emptyRolesAllowed) && ((members == null || members.length <= 0 || this.emptyRolesAllowed) && !this.emptyRolesAllowed)) {
            return;
        }
        DirContext context = this.connectionSource.getContext();
        NamingEnumeration<SearchResult> namingEnumeration = null;
        try {
            try {
                BasicAttributes basicAttributes = new BasicAttributes(true);
                BasicAttribute basicAttribute = new BasicAttribute("objectClass");
                basicAttribute.add(groupEntryObjectClass);
                basicAttributes.put(basicAttribute);
                BasicAttribute basicAttribute2 = new BasicAttribute(roleNameProperty);
                basicAttribute2.add(roleName);
                basicAttributes.put(basicAttribute2);
                if (members != null && members.length > 0) {
                    BasicAttribute basicAttribute3 = new BasicAttribute(this.realmConfig.getUserStoreProperty("MembershipAttribute"));
                    for (String str : members) {
                        if (str != null && str.trim().length() != 0) {
                            namingEnumeration = searchInUserBase(this.realmConfig.getUserStoreProperty("UserNameSearchFilter").replace("?", escapeSpecialCharactersForFilter(str)), new String[0], 2, context);
                            if (!namingEnumeration.hasMore()) {
                                String str2 = "There is no user with the user name: " + str + " to be added to this role.";
                                logger.error(str2);
                                throw new UserStoreException(str2);
                            }
                            basicAttribute3.add(((SearchResult) namingEnumeration.next()).getNameInNamespace());
                        }
                    }
                    basicAttributes.put(basicAttribute3);
                }
                DirContext dirContext = (DirContext) context.lookup(escapeDNForSearch(searchBase));
                dirContext.bind(dirContext.getNameParser("").parse("cn=" + roleName), (Object) null, basicAttributes);
                JNDIUtil.closeNamingEnumeration(namingEnumeration);
                JNDIUtil.closeContext(dirContext);
                JNDIUtil.closeContext(context);
            } catch (NamingException e) {
                String str3 = "Role: " + roleName + " could not be added.";
                if (log.isDebugEnabled()) {
                    log.debug(str3, e);
                }
                throw new UserStoreException(str3, e);
            } catch (Exception e2) {
                String str4 = "Role: " + roleName + " could not be added.";
                if (log.isDebugEnabled()) {
                    log.debug(str4, e2);
                }
                throw new UserStoreException(str4, e2);
            }
        } catch (Throwable th) {
            JNDIUtil.closeNamingEnumeration(null);
            JNDIUtil.closeContext(null);
            JNDIUtil.closeContext(context);
            throw th;
        }
    }

    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doUpdateRoleListOfUser(String str, String[] strArr, String[] strArr2) throws UserStoreException {
        String nameInSpaceForUserName = getNameInSpaceForUserName(str);
        String userStoreProperty = this.realmConfig.getUserStoreProperty("MembershipAttribute");
        String userStoreProperty2 = this.realmConfig.getUserStoreProperty("GroupNameAttribute");
        DirContext context = this.connectionSource.getContext();
        try {
            if (strArr != null) {
                try {
                    if (strArr.length != 0) {
                        for (String str2 : strArr) {
                            LDAPRoleContext lDAPRoleContext = (LDAPRoleContext) createRoleContext(str2);
                            String roleName = lDAPRoleContext.getRoleName();
                            NamingEnumeration<SearchResult> searchInGroupBase = searchInGroupBase(lDAPRoleContext.getSearchFilter().replace("?", escapeSpecialCharactersForFilter(roleName)), new String[]{userStoreProperty}, 2, context, lDAPRoleContext.getSearchBase());
                            SearchResult searchResult = searchInGroupBase.hasMore() ? (SearchResult) searchInGroupBase.next() : null;
                            if (searchResult != null && isOnlyUserInRole(nameInSpaceForUserName, searchResult) && !this.emptyRolesAllowed) {
                                throw new UserStoreException(str + " is the only user in the role: " + roleName + ". Hence can not delete user from role.");
                            }
                            JNDIUtil.closeNamingEnumeration(searchInGroupBase);
                        }
                        for (String str3 : strArr) {
                            if (StringUtils.isNotEmpty(str3)) {
                                LDAPRoleContext lDAPRoleContext2 = (LDAPRoleContext) createRoleContext(str3);
                                String roleName2 = lDAPRoleContext2.getRoleName();
                                String searchFilter = lDAPRoleContext2.getSearchFilter();
                                if (!isExistingRole(roleName2)) {
                                    throw new UserStoreException("The role: " + URLEncoder.encode(roleName2, String.valueOf(StandardCharsets.UTF_8)) + " does not exist.");
                                }
                                String replace = searchFilter.replace("?", escapeSpecialCharactersForFilter(roleName2));
                                String[] strArr3 = {userStoreProperty, userStoreProperty2};
                                String searchBase = lDAPRoleContext2.getSearchBase();
                                NamingEnumeration<SearchResult> searchInGroupBase2 = searchInGroupBase(replace, strArr3, 2, context, searchBase);
                                SearchResult searchResult2 = null;
                                String str4 = null;
                                if (searchInGroupBase2.hasMore()) {
                                    searchResult2 = (SearchResult) searchInGroupBase2.next();
                                    str4 = getGroupName(searchResult2);
                                }
                                if (searchResult2 == null || !isUserInRole(nameInSpaceForUserName, searchResult2)) {
                                    throw new UserStoreException("User: " + URLEncoder.encode(str, String.valueOf(StandardCharsets.UTF_8)) + " does not belongs to role: " + URLEncoder.encode(roleName2, String.valueOf(StandardCharsets.UTF_8)));
                                }
                                modifyUserInRole(nameInSpaceForUserName, str4, 3, searchBase);
                                JNDIUtil.closeNamingEnumeration(searchInGroupBase2);
                                this.userRealm.getAuthorizationManager().clearUserAuthorization(UserCoreUtil.addDomainToName(str, getMyDomainName()));
                            }
                        }
                    }
                } catch (NamingException e) {
                    String str5 = "Error occurred while modifying the role list of user: " + str;
                    if (log.isDebugEnabled()) {
                        log.debug(str5, e);
                    }
                    throw new UserStoreException(str5, e);
                } catch (UnsupportedEncodingException e2) {
                    if (log.isDebugEnabled()) {
                        log.debug("Error occurred while encoding the role value.", e2);
                    }
                    throw new UserStoreException("Error occurred while encoding the role value.", e2);
                }
            }
            if (strArr2 != null && strArr2.length != 0) {
                for (String str6 : strArr2) {
                    if (StringUtils.isNotEmpty(str6)) {
                        LDAPRoleContext lDAPRoleContext3 = (LDAPRoleContext) createRoleContext(str6);
                        String roleName3 = lDAPRoleContext3.getRoleName();
                        String searchFilter2 = lDAPRoleContext3.getSearchFilter();
                        if (!isExistingRole(roleName3)) {
                            throw new UserStoreException("The role: " + URLEncoder.encode(roleName3, String.valueOf(StandardCharsets.UTF_8)) + " does not exist.");
                        }
                        String replace2 = searchFilter2.replace("?", escapeSpecialCharactersForFilter(roleName3));
                        String[] strArr4 = {userStoreProperty, userStoreProperty2};
                        String searchBase2 = lDAPRoleContext3.getSearchBase();
                        NamingEnumeration<SearchResult> searchInGroupBase3 = searchInGroupBase(replace2, strArr4, 2, context, searchBase2);
                        SearchResult searchResult3 = null;
                        String str7 = null;
                        if (searchInGroupBase3.hasMore()) {
                            searchResult3 = (SearchResult) searchInGroupBase3.next();
                            str7 = getGroupName(searchResult3);
                        }
                        if (searchResult3 == null || isUserInRole(nameInSpaceForUserName, searchResult3)) {
                            throw new UserStoreException("User: " + str + " already belongs to role: " + str7);
                        }
                        modifyUserInRole(nameInSpaceForUserName, str7, 1, searchBase2);
                        JNDIUtil.closeNamingEnumeration(searchInGroupBase3);
                    }
                }
            }
        } finally {
            JNDIUtil.closeContext(context);
        }
    }

    private String getGroupName(SearchResult searchResult) throws NamingException {
        Attribute attribute = searchResult.getAttributes().get(this.realmConfig.getUserStoreProperty("GroupNameAttribute"));
        if (attribute == null) {
            return searchResult.getName();
        }
        return this.realmConfig.getUserStoreProperty("GroupNameAttribute") + "=" + ((String) attribute.get());
    }

    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doUpdateUserListOfRole(String str, String[] strArr, String[] strArr2) throws UserStoreException {
        LDAPRoleContext lDAPRoleContext = (LDAPRoleContext) createRoleContext(str);
        String roleName = lDAPRoleContext.getRoleName();
        String searchFilter = lDAPRoleContext.getSearchFilter();
        if (!isExistingLDAPRole(lDAPRoleContext)) {
            String str2 = "The role: " + roleName + " does not exist.";
            if (log.isDebugEnabled()) {
                log.debug(str2);
            }
            throw new UserStoreException(str2);
        }
        DirContext context = this.connectionSource.getContext();
        try {
            try {
                String replace = searchFilter.replace("?", escapeSpecialCharactersForFilter(roleName));
                String userStoreProperty = this.realmConfig.getUserStoreProperty("MembershipAttribute");
                String[] strArr3 = {userStoreProperty, this.realmConfig.getUserStoreProperty("GroupNameAttribute")};
                String searchBase = lDAPRoleContext.getSearchBase();
                NamingEnumeration<SearchResult> searchInGroupBase = searchInGroupBase(replace, strArr3, 2, context, searchBase);
                SearchResult searchResult = null;
                String str3 = null;
                while (searchInGroupBase.hasMoreElements()) {
                    searchResult = (SearchResult) searchInGroupBase.next();
                    str3 = getGroupName(searchResult);
                }
                Attribute attribute = searchResult.getAttributes().get(userStoreProperty);
                if (!this.emptyRolesAllowed && (strArr2.length - strArr.length) + attribute.size() == 0) {
                    throw new UserStoreException("There should be at least one member in the role. Hence can not delete all the members.");
                }
                ArrayList arrayList = new ArrayList();
                ArrayList<String> arrayList2 = new ArrayList();
                HashMap hashMap = new HashMap();
                if (strArr2 != null && strArr2.length != 0) {
                    String str4 = "";
                    String str5 = "";
                    for (String str6 : strArr2) {
                        if (!StringUtils.isEmpty(str6)) {
                            String nameInSpaceForUserName = getNameInSpaceForUserName(str6);
                            if (nameInSpaceForUserName == null) {
                                str4 = str4 + str6 + " ";
                            } else if (isUserInRole(nameInSpaceForUserName, searchResult)) {
                                str5 = str5 + nameInSpaceForUserName + ",";
                            } else {
                                arrayList.add(nameInSpaceForUserName);
                            }
                        }
                    }
                    if (!StringUtils.isEmpty(str4) || !StringUtils.isEmpty(str5)) {
                        throw new UserStoreException((StringUtils.isEmpty(str4) ? "" : "'" + str4 + "' not in the user store. ") + (StringUtils.isEmpty(str5) ? "" : "'" + str5 + "' already belong to the role : " + roleName));
                    }
                }
                if (strArr != null && strArr.length != 0) {
                    String str7 = "";
                    for (String str8 : strArr) {
                        if (!StringUtils.isEmpty(str8)) {
                            String nameInSpaceForUserName2 = getNameInSpaceForUserName(str8);
                            if (nameInSpaceForUserName2 == null) {
                                str7 = str7 + str8 + ",";
                            } else {
                                arrayList2.add(nameInSpaceForUserName2);
                                hashMap.put(nameInSpaceForUserName2, str8);
                            }
                        }
                    }
                    if (!StringUtils.isEmpty(str7)) {
                        throw new UserStoreException("'" + str7 + "' not in the user store.");
                    }
                }
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    modifyUserInRole((String) it.next(), str3, 1, searchBase);
                }
                for (String str9 : arrayList2) {
                    modifyUserInRole(str9, str3, 3, searchBase);
                    this.userRealm.getAuthorizationManager().clearUserAuthorization(UserCoreUtil.addDomainToName((String) hashMap.get(str9), getMyDomainName()));
                }
                JNDIUtil.closeNamingEnumeration(searchInGroupBase);
                JNDIUtil.closeContext(context);
            } catch (NamingException e) {
                String str10 = "Error occurred while modifying the user list of role: " + roleName;
                if (log.isDebugEnabled()) {
                    log.debug(str10, e);
                }
                throw new UserStoreException(str10, e);
            }
        } catch (Throwable th) {
            JNDIUtil.closeNamingEnumeration(null);
            JNDIUtil.closeContext(context);
            throw th;
        }
    }

    protected void modifyUserInRole(String str, String str2, int i, String str3) throws UserStoreException {
        if (log.isDebugEnabled()) {
            logger.debug("Modifying role: " + str2 + " with type: " + i + " user: " + str + " in search base: " + str3);
        }
        DirContext dirContext = null;
        DirContext dirContext2 = null;
        try {
            try {
                dirContext = this.connectionSource.getContext();
                dirContext2 = (DirContext) dirContext.lookup(escapeDNForSearch(str3));
                String userStoreProperty = this.realmConfig.getUserStoreProperty("MembershipAttribute");
                BasicAttributes basicAttributes = new BasicAttributes(true);
                BasicAttribute basicAttribute = new BasicAttribute(userStoreProperty);
                basicAttribute.add(str);
                basicAttributes.put(basicAttribute);
                dirContext2.modifyAttributes(str2, i, basicAttributes);
                if (log.isDebugEnabled()) {
                    logger.debug("User: " + str + " was successfully modified in LDAP group: " + str2);
                }
                JNDIUtil.closeContext(dirContext2);
                JNDIUtil.closeContext(dirContext);
            } catch (NamingException e) {
                String str4 = "Error occurred while modifying user entry: " + str + " in LDAP role: " + str2;
                if (log.isDebugEnabled()) {
                    log.debug(str4, e);
                }
                throw new UserStoreException(str4);
            }
        } catch (Throwable th) {
            JNDIUtil.closeContext(dirContext2);
            JNDIUtil.closeContext(dirContext);
            throw th;
        }
    }

    protected boolean isUserInRole(String str, SearchResult searchResult) throws UserStoreException {
        try {
            Attributes attributes = searchResult.getAttributes();
            if (attributes != null) {
                NamingEnumeration all = attributes.getAll();
                while (all.hasMoreElements()) {
                    Attribute attribute = (Attribute) all.next();
                    if (this.realmConfig.getUserStoreProperty("MembershipAttribute").equalsIgnoreCase(attribute.getID())) {
                        for (int i = 0; i < attribute.size(); i++) {
                            if (str.equalsIgnoreCase((String) attribute.get(i))) {
                                return true;
                            }
                        }
                    }
                }
                all.close();
            }
            return false;
        } catch (NamingException e) {
            String str2 = "Error occurred while looping through attributes set of group: " + searchResult.getNameInNamespace();
            if (log.isDebugEnabled()) {
                log.debug(str2, e);
            }
            throw new UserStoreException(str2, e);
        }
    }

    protected boolean isOnlyUserInRole(String str, SearchResult searchResult) throws UserStoreException {
        try {
            Attributes attributes = searchResult.getAttributes();
            if (attributes != null) {
                NamingEnumeration all = attributes.getAll();
                while (all.hasMoreElements()) {
                    Attribute attribute = (Attribute) all.next();
                    if (this.realmConfig.getUserStoreProperty("MembershipAttribute").equals(attribute.getID()) && attribute.size() == 1 && str.equals(attribute.get())) {
                        return true;
                    }
                }
                all.close();
            }
            return false;
        } catch (NamingException e) {
            String str2 = "Error occurred while looping through attributes set of group: " + searchResult.getNameInNamespace();
            if (log.isDebugEnabled()) {
                log.debug(str2, e);
            }
            throw new UserStoreException(str2, e);
        }
    }

    protected void updateLDAPRoleName(RoleContext roleContext, String str) throws UserStoreException {
        String roleName = roleContext.getRoleName();
        String searchFilter = ((LDAPRoleContext) roleContext).getSearchFilter();
        String roleNameProperty = ((LDAPRoleContext) roleContext).getRoleNameProperty();
        String searchBase = ((LDAPRoleContext) roleContext).getSearchBase();
        DirContext context = this.connectionSource.getContext();
        try {
            try {
                NamingEnumeration<SearchResult> searchInGroupBase = searchInGroupBase(searchFilter.replace("?", escapeSpecialCharactersForFilter(roleName)), new String[]{roleNameProperty}, 2, context, searchBase);
                SearchResult searchResult = null;
                while (searchInGroupBase.hasMoreElements()) {
                    searchResult = (SearchResult) searchInGroupBase.next();
                }
                if (searchResult == null) {
                    throw new UserStoreException("Could not find user role " + roleName + " in LDAP server.");
                }
                String name = searchResult.getName();
                String str2 = roleNameProperty + "=" + str;
                DirContext dirContext = (DirContext) context.lookup(escapeDNForSearch(this.groupSearchBase));
                dirContext.rename(name, str2);
                this.userRealm.getAuthorizationManager().resetPermissionOnUpdateRole(UserCoreUtil.addDomainToName(roleName, getMyDomainName()), UserCoreUtil.addDomainToName(str, getMyDomainName()));
                JNDIUtil.closeNamingEnumeration(searchInGroupBase);
                JNDIUtil.closeContext(dirContext);
                JNDIUtil.closeContext(context);
            } catch (NamingException e) {
                String str3 = "Error occurred while modifying the name of role: " + roleName;
                if (log.isDebugEnabled()) {
                    log.debug(str3, e);
                }
                throw new UserStoreException(str3, e);
            }
        } catch (Throwable th) {
            JNDIUtil.closeNamingEnumeration(null);
            JNDIUtil.closeContext(null);
            JNDIUtil.closeContext(context);
            throw th;
        }
    }

    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doUpdateRoleName(String str, String str2) throws UserStoreException {
        RoleContext createRoleContext = createRoleContext(str);
        updateLDAPRoleName(createRoleContext, str2);
        if (createRoleContext.isShared()) {
            updateLDAPRoleName(createRoleContext(str + "@" + CarbonContext.getThreadLocalCarbonContext().getTenantDomain()), str2);
        }
    }

    protected void deleteLDAPRole(RoleContext roleContext) throws UserStoreException {
        String roleName = roleContext.getRoleName();
        String replace = ((LDAPRoleContext) roleContext).getSearchFilter().replace("?", escapeSpecialCharactersForFilter(roleContext.getRoleName()));
        String[] strArr = {((LDAPRoleContext) roleContext).getRoleNameProperty()};
        String searchBase = ((LDAPRoleContext) roleContext).getSearchBase();
        try {
            try {
                DirContext context = this.connectionSource.getContext();
                NamingEnumeration<SearchResult> searchInGroupBase = searchInGroupBase(replace, strArr, 2, context, searchBase);
                SearchResult searchResult = null;
                while (searchInGroupBase.hasMoreElements()) {
                    searchResult = (SearchResult) searchInGroupBase.next();
                }
                if (searchResult == null) {
                    throw new UserStoreException("Could not find specified group/role - " + roleName);
                }
                DirContext dirContext = (DirContext) context.lookup(escapeDNForSearch(this.groupSearchBase));
                String str = (String) searchResult.getAttributes().get(this.realmConfig.getUserStoreProperty("GroupNameAttribute")).get();
                String str2 = this.realmConfig.getUserStoreProperty("GroupNameAttribute") + "=" + str;
                if (str.equals(roleName)) {
                    dirContext.destroySubcontext(str2);
                }
                JNDIUtil.closeNamingEnumeration(searchInGroupBase);
                JNDIUtil.closeContext(dirContext);
                JNDIUtil.closeContext(context);
            } catch (NamingException e) {
                String str3 = "Error occurred while deleting the role: " + roleName;
                if (log.isDebugEnabled()) {
                    log.debug(str3, e);
                }
                throw new UserStoreException(str3, e);
            }
        } catch (Throwable th) {
            JNDIUtil.closeNamingEnumeration(null);
            JNDIUtil.closeContext(null);
            JNDIUtil.closeContext(null);
            throw th;
        }
    }

    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doDeleteRole(String str) throws UserStoreException {
        RoleContext createRoleContext = createRoleContext(str);
        deleteLDAPRole(createRoleContext);
        if (createRoleContext.isShared()) {
            deleteLDAPRole(createRoleContext(str + "@" + CarbonContext.getThreadLocalCarbonContext().getTenantDomain()));
        }
    }

    private NamingEnumeration<SearchResult> searchInUserBase(String str, String[] strArr, int i, DirContext dirContext) throws UserStoreException {
        if (log.isDebugEnabled()) {
            log.debug("Searching user with " + str);
        }
        String userStoreProperty = this.realmConfig.getUserStoreProperty("UserSearchBase");
        SearchControls searchControls = new SearchControls();
        searchControls.setReturningAttributes(strArr);
        searchControls.setSearchScope(i);
        try {
            return dirContext.search(escapeDNForSearch(userStoreProperty), str, searchControls);
        } catch (NamingException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error occurred while searching in user base.", e);
            }
            throw new UserStoreException("Error occurred while searching in user base.", e);
        }
    }

    protected NamingEnumeration<SearchResult> searchInGroupBase(String str, String[] strArr, int i, DirContext dirContext, String str2) throws UserStoreException {
        SearchControls searchControls = new SearchControls();
        searchControls.setReturningAttributes(strArr);
        searchControls.setSearchScope(i);
        try {
            return dirContext.search(escapeDNForSearch(str2), str, searchControls);
        } catch (NamingException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error occurred while searching in group base.", e);
            }
            throw new UserStoreException("Error occurred while searching in group base.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager
    public void checkRequiredUserStoreConfigurations() throws UserStoreException {
        super.checkRequiredUserStoreConfigurations();
        String userStoreProperty = this.realmConfig.getUserStoreProperty("UserEntryObjectClass");
        if (userStoreProperty == null || userStoreProperty.equals("")) {
            throw new UserStoreException("Required UserEntryObjectClass property is not set at the LDAP configurations");
        }
        if (this.realmConfig.getUserStoreProperty("WriteGroups") != null) {
            this.writeGroupsEnabled = Boolean.parseBoolean(this.realmConfig.getUserStoreProperty("WriteGroups"));
        }
        if (log.isDebugEnabled()) {
            if (this.writeGroupsEnabled) {
                log.debug("WriteGroups is enabled for " + getMyDomainName());
            } else {
                log.debug("WriteGroups is disabled for " + getMyDomainName());
            }
        }
        if (this.writeGroupsEnabled) {
            this.readGroupsEnabled = true;
            log.debug("Read LDAP groups enabled: true");
        } else if (this.realmConfig.getUserStoreProperty("ReadGroups") != null) {
            this.readGroupsEnabled = Boolean.parseBoolean(this.realmConfig.getUserStoreProperty("ReadGroups"));
            log.debug("Read LDAP groups enabled: " + this.readGroupsEnabled);
        }
        this.emptyRolesAllowed = Boolean.parseBoolean(this.realmConfig.getUserStoreProperty("EmptyRolesAllowed"));
        String userStoreProperty2 = this.realmConfig.getUserStoreProperty("GroupEntryObjectClass");
        if (userStoreProperty2 == null || userStoreProperty2.equals("")) {
            throw new UserStoreException("Required GroupEntryObjectClass property is not set at the LDAP configurations");
        }
        this.userSearchBase = this.realmConfig.getUserStoreProperty("UserSearchBase");
        this.groupSearchBase = this.realmConfig.getUserStoreProperty("GroupSearchBase");
    }

    private static void setAdvancedProperties() {
        RW_LDAP_UM_ADVANCED_PROPERTIES.clear();
        setAdvancedProperty("SCIMEnabled", "Enable SCIM", "false", UserStoreConfigConstants.SCIMEnabledDescription);
        setAdvancedProperty(BULK_IMPORT_SUPPORT, "Bulk Import Support", "true", "Bulk Import Supported");
        setAdvancedProperty("EmptyRolesAllowed", "Allow Empty Roles", "true", UserStoreConfigConstants.emptyRolesAllowedDescription);
        setAdvancedProperty("PasswordHashMethod", "Password Hashing Algorithm", UserCoreConstants.RealmConfig.PASSWORD_HASH_METHOD_PLAIN_TEXT, UserStoreConfigConstants.passwordHashMethodDescription);
        setAdvancedProperty(MULTI_ATTRIBUTE_SEPARATOR, "Multiple Attribute Separator", ",", MULTI_ATTRIBUTE_SEPARATOR_DESCRIPTION);
        setAdvancedProperty("MaxUserNameListLength", "Maximum User List Length", UserCoreConstants.RealmConfig.PROPERTY_VALUE_DEFAULT_MAX_COUNT, UserStoreConfigConstants.maxUserNameListLengthDescription);
        setAdvancedProperty("MaxRoleNameListLength", "Maximum Role List Length", UserCoreConstants.RealmConfig.PROPERTY_VALUE_DEFAULT_MAX_COUNT, UserStoreConfigConstants.maxRoleNameListLengthDescription);
        setAdvancedProperty(UserCoreConstants.RealmConfig.PROPERTY_KDC_ENABLED, "Enable KDC", "false", "Whether key distribution center enabled");
        setAdvancedProperty(UserCoreConstants.RealmConfig.DEFAULT_REALM_NAME, "Default Realm Name", "WSO2.ORG", "Default name for the realm");
        setAdvancedProperty("UserRolesCacheEnabled", "Enable User Role Cache", "true", UserStoreConfigConstants.userRolesCacheEnabledDescription);
        setAdvancedProperty("ConnectionPoolingEnabled", "Enable LDAP Connection Pooling", "false", UserStoreConfigConstants.connectionPoolingEnabledDescription);
        setAdvancedProperty(LDAPConnectionTimeout, LDAPConnectionTimeoutDescription, "5000", LDAPConnectionTimeoutDescription);
        setAdvancedProperty(readTimeout, "LDAP Read Timeout", "5000", readTimeoutDescription);
        setAdvancedProperty(RETRY_ATTEMPTS, "Retry Attempts", "0", "Number of retries for authentication in case ldap read timed out.");
        setAdvancedProperty("CountRetrieverClass", "Count Implementation", "", "Name of the class that implements the count functionality");
        setAdvancedProperty(LDAPConstants.LDAP_ATTRIBUTES_BINARY, "LDAP binary attributes", " ", LDAPBinaryAttributesDescription);
        setAdvancedProperty(UserStoreConfigConstants.claimOperationsSupported, UserStoreConfigConstants.getClaimOperationsSupportedDisplayName, "true", UserStoreConfigConstants.claimOperationsSupportedDescription);
        setAdvancedProperty("MembershipAttributeRange", "Membership Attribute Range", String.valueOf(0), "Number of maximum users of role returned by the LDAP");
        setAdvancedProperty(LDAPConstants.USER_CACHE_EXPIRY_MILLISECONDS, "User Cache Expiry milliseconds", "", "Configure the user cache expiry in milliseconds. Values  {0: expire immediately, -1: never expire, '': i.e. empty, system default}.");
        setAdvancedProperty(LDAPConstants.USER_DN_CACHE_ENABLED, "Enable User DN Cache", "true", "Enables the user cache. Default true, Unless set to false. Empty value is interpreted as true.");
        setAdvancedProperty(UserStoreConfigConstants.STARTTLS_ENABLED, UserStoreConfigConstants.STARTTLS_ENABLED_DISPLAY_NAME, "false", UserStoreConfigConstants.STARTTLS_ENABLED_DESCRIPTION);
        setAdvancedProperty(UserStoreConfigConstants.CONNECTION_RETRY_DELAY, UserStoreConfigConstants.CONNECTION_RETRY_DELAY_DISPLAY_NAME, String.valueOf(120000), UserStoreConfigConstants.CONNECTION_RETRY_DELAY_DESCRIPTION);
    }

    @Override // org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public Properties getDefaultUserStoreProperties() {
        Properties properties = new Properties();
        properties.setMandatoryProperties((Property[]) ReadWriteLDAPUserStoreConstants.RWLDAP_USERSTORE_PROPERTIES.toArray(new Property[ReadWriteLDAPUserStoreConstants.RWLDAP_USERSTORE_PROPERTIES.size()]));
        properties.setOptionalProperties((Property[]) ReadWriteLDAPUserStoreConstants.OPTINAL_RWLDAP_USERSTORE_PROPERTIES.toArray(new Property[ReadWriteLDAPUserStoreConstants.OPTINAL_RWLDAP_USERSTORE_PROPERTIES.size()]));
        properties.setAdvancedProperties((Property[]) RW_LDAP_UM_ADVANCED_PROPERTIES.toArray(new Property[RW_LDAP_UM_ADVANCED_PROPERTIES.size()]));
        return properties;
    }

    private void handleException(Exception exc, String str) throws UserStoreException {
        if (exc instanceof InvalidAttributeValueException) {
            String str2 = "One or more attribute values provided are incompatible for user : " + str + "Please check and try again.";
            if (logger.isDebugEnabled()) {
                logger.debug(str2, exc);
            }
            throw new UserStoreException(str2, exc);
        }
        if (exc instanceof InvalidAttributeIdentifierException) {
            String str3 = "One or more attributes you are trying to add/update are not supported by underlying LDAP for user : " + str;
            if (logger.isDebugEnabled()) {
                logger.debug(str3, exc);
            }
            throw new UserStoreException(str3, exc);
        }
        if (exc instanceof NoSuchAttributeException) {
            String str4 = "One or more attributes you are trying to add/update are not supported by underlying LDAP for user : " + str;
            if (logger.isDebugEnabled()) {
                logger.debug(str4, exc);
            }
            throw new UserStoreException(str4, exc);
        }
        if (exc instanceof NamingException) {
            String str5 = "Profile information could not be updated in LDAP user store for user : " + str;
            if (logger.isDebugEnabled()) {
                logger.debug(str5, exc);
            }
            throw new UserStoreException(str5, exc);
        }
        if (exc instanceof org.wso2.carbon.user.api.UserStoreException) {
            String str6 = "Error in obtaining claim mapping for user : " + str;
            if (logger.isDebugEnabled()) {
                logger.debug(str6, exc);
            }
            throw new UserStoreException(str6, exc);
        }
    }

    private String escapeSpecialCharactersForDN(String str) {
        boolean z = true;
        String userStoreProperty = this.realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_REPLACE_ESCAPE_CHARACTERS_AT_USER_LOGIN);
        if (userStoreProperty != null) {
            z = Boolean.parseBoolean(userStoreProperty);
            if (log.isDebugEnabled()) {
                log.debug("Replace escape characters configured to: " + userStoreProperty);
            }
        }
        if (!z) {
            return str;
        }
        StringBuilder sb = new StringBuilder();
        if (str.length() > 0 && (str.charAt(0) == ' ' || str.charAt(0) == '#')) {
            sb.append('\\');
        }
        int i = 0;
        while (i < str.length()) {
            char charAt = str.charAt(i);
            switch (charAt) {
                case '\"':
                    sb.append("\\\"");
                    break;
                case '+':
                    sb.append("\\+");
                    break;
                case ',':
                    sb.append("\\,");
                    break;
                case ';':
                    sb.append("\\;");
                    break;
                case '<':
                    sb.append("\\<");
                    break;
                case '>':
                    sb.append("\\>");
                    break;
                case '\\':
                    if (str.charAt(i + 1) != '*') {
                        sb.append("\\\\");
                        break;
                    } else {
                        sb.append("*");
                        i++;
                        break;
                    }
                default:
                    sb.append(charAt);
                    break;
            }
            i++;
        }
        if (str.length() > 1 && str.charAt(str.length() - 1) == ' ') {
            sb.insert(sb.length() - 1, '\\');
        }
        if (log.isDebugEnabled()) {
            log.debug("value after escaping special characters in " + str + " : " + sb.toString());
        }
        return sb.toString();
    }

    private String escapeSpecialCharactersForFilter(String str) {
        boolean z = true;
        str.replace("\\*", "*");
        String userStoreProperty = this.realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_REPLACE_ESCAPE_CHARACTERS_AT_USER_LOGIN);
        if (userStoreProperty != null) {
            z = Boolean.parseBoolean(userStoreProperty);
            if (log.isDebugEnabled()) {
                log.debug("Replace escape characters configured to: " + userStoreProperty);
            }
        }
        if (!z) {
            return str;
        }
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            switch (charAt) {
                case 0:
                    sb.append("\\00");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '*':
                    sb.append("\\2a");
                    break;
                case '\\':
                    sb.append("\\5c");
                    break;
                default:
                    sb.append(charAt);
                    break;
            }
        }
        return sb.toString();
    }

    private String escapeSpecialCharactersForDNWithStar(String str) {
        boolean z = true;
        str.replace("\\*", "*");
        String userStoreProperty = this.realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_REPLACE_ESCAPE_CHARACTERS_AT_USER_LOGIN);
        if (userStoreProperty != null) {
            z = Boolean.parseBoolean(userStoreProperty);
            if (log.isDebugEnabled()) {
                log.debug("Replace escape characters configured to: " + userStoreProperty);
            }
        }
        if (!z) {
            return str;
        }
        StringBuilder sb = new StringBuilder();
        if (str.length() > 0 && (str.charAt(0) == ' ' || str.charAt(0) == '#')) {
            sb.append('\\');
        }
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            switch (charAt) {
                case '\"':
                    sb.append("\\\"");
                    break;
                case '*':
                    sb.append("\\2a");
                    break;
                case '+':
                    sb.append("\\+");
                    break;
                case ',':
                    sb.append("\\,");
                    break;
                case ';':
                    sb.append("\\;");
                    break;
                case '<':
                    sb.append("\\<");
                    break;
                case '>':
                    sb.append("\\>");
                    break;
                case '\\':
                    sb.append("\\\\");
                    break;
                default:
                    sb.append(charAt);
                    break;
            }
        }
        if (str.length() > 1 && str.charAt(str.length() - 1) == ' ') {
            sb.insert(sb.length() - 1, '\\');
        }
        if (log.isDebugEnabled()) {
            log.debug("value after escaping special characters in " + str + " : " + sb.toString());
        }
        return sb.toString();
    }

    private static void setAdvancedProperty(String str, String str2, String str3, String str4) {
        RW_LDAP_UM_ADVANCED_PROPERTIES.add(new Property(str, str3, str2 + "#" + str4, null));
    }

    static {
        setAdvancedProperties();
    }
}
